Email and Phone Fraud
Phishing and vishing are two common ways for fraudsters to try to trick victims into sharing their personal information. Phishing uses fraudulent emails that look like they come from a legitimate company, while vishing is the telephone version of phishing.
In both types of fraud, a variety of tricks are used to get you to share your personal and financial information, including time-limited offers, scary messages about your accounts being shut down, or links to a legitimate looking website set up to steal your information.
How does it happen?
In phishing emails, victims are asked to click on a link that brings them to a fake website or to verify personal information (such as a credit card number or passwords) whether online, in an email reply or by calling the contact information in the fake email.
Fraudulent emails may also carry a hidden software program, called "malware" or a virus, which downloads to your computer, records every key you press and transfers that information to fraudsters, who can use it to steal your personal information or access your financial accounts.
In vishing, targeted victims receive a telephone call or voicemail asking them to provide or confirm personal information. This information is used by fraudsters to steal their victim's identity or access their financial accounts.
How to prevent it
- If you receive an email or phone call asking for your personal information, be suspicious.
- Only provide personal information to verify your identity when you have initiated the communication or you trust the source.
- Never click on a link in an email, even if you think it is a trusted source; always type the website address into the browser yourself.
- Do not reply to a suspicious email even to say you are not interested or to unsubscribe; sometimes spammers use your reply to verify that the email address is valid.
- Do not rely on the contact information provided to you in an email or telephone call. Look up the company’s contact information yourself.
- Remember that financial institutions will never notify you of a problem with your account through an unsolicited email, and they will never ask you to send or confirm personal or financial information by email.
What to do if you become a victim
If you think you are a victim of fraud, take the following steps:
- Start a written log: write down when you noticed the fraud and the actions you took, including names of people you spoke to and dates of communications.
- File a report with your local police.
- Contact your financial institutions and any other companies (e.g. phone company, cable provider, etc) where your accounts were tampered with, or are at risk of being tampered with.
- Advise Canada's two credit rating agencies, TransUnion and Equifax.
- Contact the Canadian Anti-Fraud Centre.
To learn more about how email fraud and telephone fraud happen, how to protect yourself and what to do if you become a victim, read the tip sheet "Protecting Yourself from E-Mail and Telephone Fraud."
Related Resources
Learn how to prevent different types of fraud, and what to do if you become a victim.
- The City
A financial life skills resource
- Financial Basics
A financial literacy workshop
- How can I protect myself against unauthorized transactions being made with my credit card?
- If my credit or debit card is lost or stolen, am I liable for any unauthorized transactions that appear on my statement after that?
- What is the Canadian Code of Practice for Consumer Debit Card Services?
- I expect to receive a lump-sum payment. How can I protect myself from becoming a victim of fraud?
About FCAC
For Consumers
- Banking
- Budgeting and Money Management
- Credit Cards
- Payment Options and Money Transfers
- Mortgages
- Credit and Loans
- Savings and Investments
- Insurance
- Fraud
- Your Rights and Responsibilities
For the Industry
Educational Programs
For Partners
For the Media
Resources
- Tools and Calculators
- Publications
- How to Lodge a Complaint
- Frequently Asked Questions
- Multimedia
- more resources...
Transparency
Footer
